Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1225cc34-f5d1-422d-9202-634bc8e5a66b.roa
File:                     1225cc34-f5d1-422d-9202-634bc8e5a66b.roa (raw, json)
Hash identifier:          Wqu8y+V1v2T3f5SZMP0AZN9FwQq0Eihv4eJTTbbal+4=
Subject key identifier:   18:27:7B:BC:C4:B1:1D:15:E9:37:5B:95:C6:85:B1:68:1C:5C:43:30
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       48D1A41B4697FFFEC96042C2AEBF42E04A106D70
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1225cc34-f5d1-422d-9202-634bc8e5a66b.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.80.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:d1:a4:1b:46:97:ff:fe:c9:60:42:c2:ae:bf:42:e0:4a:10:6d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=6a3d0cd7fe57fa295e26f899a19f2206426a853c6134205a26db8787e37174ca, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7a:88:31:01:35:18:d6:23:32:df:1a:bc:e3:
                    8b:e0:51:db:5f:05:98:7f:16:16:25:35:08:87:fe:
                    49:be:eb:1a:f4:6d:bf:db:43:9e:b4:59:f0:29:f2:
                    c3:3e:bb:1b:ed:79:fe:34:3e:27:61:46:14:ed:68:
                    d0:02:89:19:2f:41:2e:c6:5e:76:e9:0e:6e:42:72:
                    73:97:55:d2:27:2a:fa:73:fd:23:e4:07:44:ac:4e:
                    e6:84:bf:5f:16:a0:a6:b9:9e:2f:8c:f8:ae:fa:27:
                    e2:ed:9a:e7:4e:16:6e:9a:02:3d:7c:31:61:f2:96:
                    cc:83:b8:31:09:85:61:28:56:e8:45:b2:e1:b9:d2:
                    ee:d3:88:c9:90:bf:e3:24:b6:31:2d:c2:89:2f:89:
                    02:0f:43:6e:4b:cb:0f:35:5b:37:44:f7:25:a2:d8:
                    2f:3b:26:55:fb:04:af:2b:09:37:42:e2:f4:51:61:
                    fe:e7:91:e2:6b:7d:6e:48:80:33:c6:95:76:66:1a:
                    91:e3:e4:99:31:bd:03:a7:70:1f:e1:77:92:fc:54:
                    37:f9:75:b8:a7:b9:dc:a4:ad:c7:f2:80:74:48:59:
                    c3:4b:f1:57:51:2b:17:c3:96:ea:3c:1c:cb:72:6b:
                    a1:07:d8:ed:ac:ba:d6:b5:71:5c:4e:55:c8:90:8b:
                    35:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:27:7B:BC:C4:B1:1D:15:E9:37:5B:95:C6:85:B1:68:1C:5C:43:30
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1225cc34-f5d1-422d-9202-634bc8e5a66b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3e:62:39:29:d8:90:f5:9d:07:6e:39:a8:3d:a2:c4:1e:df:18:
         a1:1c:8a:9f:9f:20:cb:17:3b:e5:1a:02:df:be:4a:a9:de:5b:
         38:eb:78:42:d6:35:0d:f0:59:ef:c5:c3:26:4b:ac:01:9f:1f:
         7f:41:41:d8:52:60:e3:f7:ed:b9:cf:17:46:b7:d5:94:ff:6a:
         cb:bf:b3:2d:9e:46:6a:b7:6f:8f:ff:1f:92:2a:52:77:ff:b2:
         10:ca:34:88:7b:bb:a6:67:3c:6e:73:63:3c:b7:d6:b9:1b:de:
         91:01:47:84:91:4e:a2:18:76:e8:c6:b8:f2:b1:2b:2c:ee:0e:
         da:52:39:32:52:4e:e3:bb:71:dc:85:18:bd:4d:b9:1b:f5:bd:
         32:f9:b6:02:54:b2:e2:15:a8:6c:48:63:9a:7c:40:f5:e6:46:
         25:74:77:7b:52:79:5b:31:14:ba:9c:62:f3:cc:39:83:cb:ef:
         d6:7f:60:cb:7a:1c:30:f9:e4:d2:e1:f4:d1:21:61:0e:f3:e4:
         f4:6d:00:ec:8b:3e:e1:19:3c:46:46:f6:aa:0c:95:89:af:10:
         82:a2:4c:94:0c:a2:ea:d8:bc:e3:f2:e7:8a:9e:7d:7d:c9:46:
         38:51:25:84:5e:e9:4c:b6:96:80:36:a1:14:98:b0:85:26:58:
         90:df:7e:2e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSNGkG0aX//7JYELCrr9C4EoQbXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhM2QwY2Q3ZmU1N2ZhMjk1ZTI2Zjg5OWExOWYyMjA2NDI2YTg1M2M2MTM0
MjA1YTI2ZGI4Nzg3ZTM3MTc0Y2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZ6iDEBNRjWIzLfGrzji+BR218FmH8WFiU1CIf+Sb7rGvRtv9tDnrRZ8Cny
wz67G+15/jQ+J2FGFO1o0AKJGS9BLsZedukObkJyc5dV0icq+nP9I+QHRKxO5oS/
XxagprmeL4z4rvon4u2a504WbpoCPXwxYfKWzIO4MQmFYShW6EWy4bnS7tOIyZC/
4yS2MS3CiS+JAg9DbkvLDzVbN0T3JaLYLzsmVfsErysJN0Li9FFh/ueR4mt9bkiA
M8aVdmYakePkmTG9A6dwH+F3kvxUN/l1uKe53KStx/KAdEhZw0vxV1ErF8OW6jwc
y3JroQfY7ay61rVxXE5VyJCLNTECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQYJ3u8
xLEdFek3W5XGhbFoHFxDMDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIyNWNjMzQtZjVkMS00MjJkLTkyMDItNjM0YmM4ZTVhNjZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNQMA0G
CSqGSIb3DQEBCwUAA4IBAQA+Yjkp2JD1nQduOag9osQe3xihHIqfnyDLFzvlGgLf
vkqp3ls463hC1jUN8FnvxcMmS6wBnx9/QUHYUmDj9+25zxdGt9WU/2rLv7MtnkZq
t2+P/x+SKlJ3/7IQyjSIe7umZzxuc2M8t9a5G96RAUeEkU6iGHboxrjysSss7g7a
UjkyUk7ju3HchRi9Tbkb9b0y+bYCVLLiFahsSGOafED15kYldHd7UnlbMRS6nGLz
zDmDy+/Wf2DLehww+eTS4fTRIWEO8+T0bQDsiz7hGTxGRvaqDJWJrxCCokyUDKLq
2Lzj8ueKnn19yUY4USWEXulMtpaANqEUmLCFJliQ334u
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org